UbuntuUpdates.org

Package "haproxy-dbg"

Name: haproxy-dbg

Description:

fast and reliable load balancing reverse proxy (debug symbols)
Latest version: 1.6.3-1ubuntu0.3
Release: xenial (16.04)
Level: updates
Repository: main
Head package: haproxy
Homepage: http://haproxy.1wt.eu/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "haproxy-dbg"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "haproxy-dbg" in Xenial

Repository Area Version
base main 1.6.3-1
security main 1.6.3-1ubuntu0.3

Changelog

Version: 1.6.3-1ubuntu0.3 2019-11-05 15:06:58 UTC

  haproxy (1.6.3-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Messages with transfer-encoding header missing "chunked"
    value were not being correctly rejected
    - debian/patches/CVE-2019-18277.patch: also reject messages where
      "chunked" is missing from transfer-enoding in.
      src/proto_http.c.
    - CVE-2019-18277

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 25 Oct 2019 13:12:29 -0300
Source diff to previous version
CVE-2019-18277 A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being co

Version: 1.6.3-1ubuntu0.2 2019-01-15 13:06:35 UTC

  haproxy (1.6.3-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2018-20102.patch: check the bounds
      in src/dns.c.
    - CVE-2018-20102

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 11 Jan 2019 10:34:44 -0300
Source diff to previous version
CVE-2018-20102 An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS resp

Version: 1.6.3-1ubuntu0.1 2016-06-20 19:07:01 UTC

  haproxy (1.6.3-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via reqdeny
    - debian/patches/CVE-2016-5360.patch: use temporary variable to store
      status in include/types/proto_http.h, src/proto_http.c.
    - CVE-2016-5360

 -- Marc Deslauriers <email address hidden> Tue, 14 Jun 2016 09:35:08 +0300
CVE-2016-5360 remote denial of service via reqdeny


About   -   Send Feedback to @ubuntu_updates